OpenEMR Cross-Site Scripting Vulnerability
Vulnerability
The Purplemet Lab team discovered a cross-site scripting (XSS) vulnerability in OpenEMR before 5.0.1 Patch 6 (CVE-2018-18035). These versions embed a third-party component named FlashCanvas, which provides flashcanvas.swf, a Flash file vulnerable to cross-site scripting.
Solution
Update to OpenEMR 5.0.1 Patch 6 or the latest version.
Proof of concept
The vulnerability can be triggered using the following URL:
http://ip/openemr/portal/sign/assets/flashcanvas.swf?id=12345678\%22));}catch(e){alert(document.domain)}//
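To check whether a request of this shape has reached a server, the sketch below scans web access logs for flashcanvas.swf requests whose id parameter decodes to something other than a plain token. It is an added example, not part of the original advisory or of OpenEMR; the combined log format, the allowlist pattern for a legitimate id, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate FlashCanvas id is a short alphanumeric token.
# Tune this allowlist to what your own deployment actually sends.
SAFE_ID_RE = re.compile(r'[A-Za-z0-9_-]{1,64}')

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
# Line 2 carries the request from the proof of concept above.
SAMPLE_LOG = [
    r'192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /openemr/portal/sign/assets/flashcanvas.swf?id=12345678 HTTP/1.1" 200 9876',
    r'198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /openemr/portal/sign/assets/flashcanvas.swf?id=12345678\%22));}catch(e){alert(document.domain)}// HTTP/1.1" 200 9876',
    r'192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /openemr/interface/login/login.php?site=default HTTP/1.1" 200 4321',
]


def suspicious_flashcanvas_requests(log_lines):
    """Return (line_number, decoded_id) for flashcanvas.swf hits with an unexpected id."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith("/flashcanvas.swf"):
            continue  # only the vulnerable Flash file is of interest
        # parse_qs percent-decodes values, so %22 is compared as a double quote.
        params = parse_qs(target.query, keep_blank_values=True)
        for value in params.get("id", []):
            if not SAFE_ID_RE.fullmatch(value):
                findings.append((number, value))
    return findings


if __name__ == "__main__":
    for number, value in suspicious_flashcanvas_requests(SAMPLE_LOG):
        print(f"line {number}: unexpected flashcanvas.swf id: {value!r}")
```

Any hit on an unpatched instance is worth reviewing alongside the session activity of the user who followed the link.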
Reference
See the OpenEMR 5.0.1 Patch (9/9/18) release.
Purplemet technology detection
Purplemet detects OpenEMR with version and CVE.